About jrfrost

jrfrost · ‎09-10-2019

Is it possible to fix the colours so a cluster always has the same colour

jrfrost · ‎07-09-2018

What's the underling search(s) for each panel, is not possible to use the same search and just display the availability field in the first panel

jrfrost · ‎02-26-2018

I am trying set the initial values of a time picker to the values used on a previous dashboard via drilldown tokens. The tokens are passed OK but the field2.earliest and field2.latest tokens in the are not set so I get an error in the chart 'invalid earliest_time'. If I edit the dashboard and go to the source view and then back to the UI view the values are set correctly and the chart displays correctly. It's like the tokens passed in the URL are not evaluated correctly in the section of the xml, they are passed correctly as if I set the default value of a text box to $earliest$ and $latest$ they are shown correctly <dashboard> <label>tr</label> <init> <set token="field2.earliest">$earliest$</set> <set token="field2.latest">$latest$</set> <set token="goo">123</set> </init> <fieldset submitButton="false" autoRun="true"> <input type="text" token="time"> <label></label> <default>$plcarea$ - $errorname$</default> </input> <input type="time" token="field2"> <label></label> <default> <earliest>0</earliest> <latest></latest> </default> </input> <input type="text" token="field3"> <label>earliest</label> <default>$earliest$</default> </input> <input type="text" token="field4"> <label>latest</label> <default>$latest$</default> </input> </fieldset> <row> <panel> <chart depends="$plcchart$"> <title></title> <search> <query>index=main plcarea=$plcarea$ errordescription=$errorname$ | timechart count</query> <earliest>$field2.earliest$</earliest> <latest>$field2.latest$</latest> </search> <option name="charting.chart">column</option> <option name="charting.drilldown">none</option> <option name="refresh.display">progressbar</option> </chart> </panel> </row> <row> <panel> <chart depends="$durationchart$"> <title>The chart tile is- $plcarea - $errordescription$</title> <search> <query>index=main plcarea=$plcarea$ errordescription=$errorname$ | eval foo=strptime(endts,"%d/%m/%Y %H:%M:%S") | eval duration= foo-_time | timechart sum(duration)</query> <earliest>$field2.earliest$</earliest> <latest>$field2.latest$</latest> </search> <option name="charting.chart">column</option> <option name="charting.drilldown">none</option> <option name="refresh.display">progressbar</option> </chart> </panel> </row> </dashboard>

jrfrost · ‎11-17-2017

Thanks for this, you were right the 51 was a false positive.

jrfrost · ‎11-16-2017

I have a field extraction that gets the message number from the raw message string .{22}\s0-9 The message string is in the format of 2017-11-15T13:32:53,915 4790018 299939553102122275000175000000000022 6834527000103_0_007500002610100_100850055_00045010000010000_1___________________ The field is available and has values of 01, 02, 09, 11, 12, 19, 51, 52, 79, 90, 91 etc. but I cannot search for all values. If I search for message number 51 I get results index=main msg_number=51 If I search for message number 52 no results are returned. index=main msg_number=52 If I use the following search index=main | eval msg_number=msg_number*1 |search msg_number=52, I get results I have no idea why search for some numbers does not work.

Posts	5
Solutions	0
Karma Given	1
Karma Received	1
Member Since	‎11-16-2017

Online Status	Offline
Date Last Visited	3 weeks ago

fixed colours 3D Scatter plot

initialisation of tokens on dashboard load not wor...

Cannot search for value in extracted field

fixed colours 3D Scatter plot

Re: How do I show results from a panel in another ...

initialisation of tokens on dashboard load not wor...

Re: Cannot search for value in extracted field

Cannot search for value in extracted field